Jeb Bush Comes Out Against Encryption

from the not-so-cryptic-statements dept.

An anonymous reader writes:

Presidential candidate Jeb Bush has called on tech companies to form a more “cooperative” arrangement with intelligence agencies. During a speech in South Carolina, Bush made clear his opinion on encryption: “If you create encryption, it makes it harder for the American government to do its job — while protecting civil liberties — to make sure that evildoers aren’t in our midst.” He also indicated he felt the recent scaling back of the Patriot Act went too far. Bush says he hasn’t seen any indication the bulk collection of phone metadata violated anyone’s civil liberties.


Windows 10’s Privacy Policy: the New Normal?

from the no-i-do-not-want-to-send-a-crash-report dept.

An anonymous reader writes:

The launch of Windows 10 brought a lot of users kicking and screaming to the “connected desktop.” Its benefits come with tradeoffs: “the online service providers can track which devices are making which requests, which devices are near which Wi-Fi networks, and feasibly might be able to track how devices move around. The service providers will all claim that the data is anonymized, and that no persistent tracking is performed… but it almost certainly could be.” There are non-trivial privacy concerns, particularly for default settings. 
According to Peter Bright, for better or worse this is the new normal for mainstream operating systems. We’re going to have to either get used to it, or get used to fighting with settings to turn it all off. “The days of mainstream operating systems that don’t integrate cloud services, that don’t exploit machine learning and big data, that don’t let developers know which features are used and what problems occur, are behind us, and they’re not coming back. This may cost us some amount of privacy, but we’ll tend to get something in return: software that can do more things and that works better.”

Posted by Soulskill 2 days ago

 

IT Workers Training Their Foreign Replacements ‘Troubling,’ Says White House

from the understating-the-matter dept.

dcblogs writes:

A top White House official told House lawmakers this week that the replacement of U.S. workers by H-1B visa holders is ‘troubling’ and not supposed to happen. That answer came in response to a question from U.S. Rep. Jerrold Nadler (D-N.Y.) that referenced Disney workers who had to train their temporary visa holding replacements (the layoffs were later canceled). Jeh Johnson, the secretary of the U.S. Department of Homeland Security, said if H-1B workers are being used to replace U.S. workers, then “it’s a very serious failing of the H-1B program.” But Johnson also told lawmakers that they may not be able to stop it, based on current law. Ron Hira, an associate professor of public policy at Howard University who has testified before Congress multiple times on H-1B visa use, sees that as a “bizarre interpretation” of the law.

Posted by Soulskill 2 days ago

Justice Department: Default Encryption Has Created a ‘Zone of Lawlessness’


from the what-would-you-call-this-zone-that’s-allegedly-associated-with-danger? dept.
Jason Koebler writes:
Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is “very concerned” by Google’s and Apple’s decision to automatically encrypt all data on Android and iOS devices.

“We understand the value of encryption and the importance of security,” she said. “But we’re very concerned they not lead to the creation of what I would call a ‘zone of lawlessness,’ where there’s evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices.”

Posted by Soulskill 2 days ago

FBI Seeks To Legally Hack You If You’re Connected To TOR Or a VPN

Law would allow law enforcement to search electronic data if target computer location has been hidden through Tor or VPN


by NICOLE KARDELL | FEE | JANUARY 20, 2015

The FBI wants to search through your electronic life. You may think it’s a given that the government is in the business of collecting everyone’s personal data — Big Brother run amok in defiance of the Constitution. But under the limits of the Fourth Amendment, nothing it finds can be used to prosecute its targets. Now the FBI is taking steps to carry out broad searches and data collection under the color of authority, making all of us more vulnerable to “fishing expeditions.”

The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant.

It’s called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court’s jurisdiction.

The change may sound like a technical tweak, but it is a big leap from current procedure. As it stands, Rule 41(b) only allows (with few exceptions) a court to issue a warrant for people or property within that court’s district. The federal rules impose this location limitation — along with requirements that the agent specifically identify the person and place to be searched, find probable cause, and meet other limiting factors — to reduce the impact an investigation could have on people’s right to privacy. Now the FBI is asking for the authority to hack into and search devices without identifying any of the essential whos, whats, wheres, or whys — giving the FBI the authority to search your computer, tablet, or smartphone even if you are in no way suspected of a crime.

All you have to do is cross the FBI’s virtual path. For instance, the proposed amendment would mean that agents could use tactics like creating online “watering holes” to attract their targets. Anyone who clicked on law enforcement’s false-front website would download the government malware and expose their electronic device to an agent’s search (and also expose the device to follow-on hackers). One obvious target for this strategy is any forum that attracts government skeptics and dissenters — FEE.org, for example. Such tactics could inadvertently impact thousands of people who aren’t investigation targets.

This sort of sweeping authority is in obvious conflict with the Constitution. The Fourth Amendment makes it clear that the government cannot legally search your house or your personal effects, including your electronic devices, without (1) probable cause of a suspected crime (2) defined in a legal document (generally, a search warrant issued by a judge) (3) that specifically identifies what is to be searched and what is to be seized.

The FBI is not the first government agency to find itself challenged by the plain language of the Fourth Amendment. Past overreach has required judges and Congress to clarify what constitutes a legal search and seizure in particular contexts. In the 1960s, when electronic eavesdropping (via wiretaps and bugs) came about, Congress established the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act). The law addressed concerns about these new surreptitious and invasive investigative tactics and provided several strictures on legal searches via wiretap or bug. Since covert investigative tools can be hard to detect, it was important to institute more rigorous standards to keep agents in line.

The same concerns that Congress addressed in the 1960s are present today, but they take on far greater significance. With our growing reliance on electronic devices to communicate with others, to transact business, to shop, travel, date, and store the details of our private lives, these devices are becoming our most important personal effects. The ability of government actors to enter our digital space and search our electronic data is a major privacy concern that must be checked by Fourth Amendment standards. As the Supreme Court recently pronounced in Riley v. California, the search of a modern electronic device such as a smartphone or computer is more intrusive to privacy than even “the most exhaustive search of a house.”

What seems most troubling, though, is that the FBI is attempting to override the Fourth Amendment, along with the body of law developed over the years to rein in surveillance powers, through a relatively obscure forum. Instead of seeking congressional authority or judicial clarification, it has sought a major power grab through a procedural rule tweak — a tweak that would do away with jurisdictional limitations and specificity requirements, among other important checks on law enforcement. The request seems objectively — and constitutionally — offensive.

Internet Voting Hack Alters PDF Ballots In Transmission

from the don’t-let-the-nice-man-borrow-your-router dept.


msm1267 (2804139) writes

Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren’t where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called ‘Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering’ that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.

This has been a concern for years, since the advent of voting machines; now the hacks are more intrusive and versatile.

Posted by timothy 3 days ago

Records of up to 25,000 Homeland Security staff hacked in cyber-attack


Associated Press in Washington
theguardian.com, Friday 22 August 2014 20.48 EDT

Anonymous official says number could be even greater as department warns employees to check bank accounts

The internal records of as many as 25,000 employees of America’s Department of Homeland Security (DHS) were exposed during a recent computer hack at a federal contractor that handles security clearances, an agency official said on Friday.

The official, speaking anonymously, said the number of victims could be greater. The incident is under active federal criminal investigation.

The department was informing employees whose files were exposed in the hacking against contractor USIS and warning them to monitor their financial accounts.

Earlier this month, USIS acknowledged the break-in, saying its internal cybersecurity team had detected what appeared to be an intrusion with “all the markings of a state-sponsored attack”.

Neither USIS nor government officials have speculated on the identity of the foreign government.

USIS, once known as US Investigations Services, has been under criticism in Congress in recent months for its performance in conducting background checks on National Security Agency systems analyst Edward Snowden and on Aaron Alexis, a military contractor employee who shot 12 people dead in Washington in September 2013.

Private contractors perform background checks on more than two-thirds of the 4.9 million government workers with security clearances, and USIS handles nearly half of that number.

It is not clear when the hacking took place, but DHS notified all its employees internally on 6 Aug.

At that point, DHS issued “stop-work orders” preventing further information flows to USIS until the agency was confident the company could safeguard its records.

At the same time, the Office of Personnel Management (OPM) temporarily halted all USIS background check fieldwork “out of an abundance of caution,” spokeswoman Jackie Koszczuk said.

Officials would not say whether workers from other government agencies were at risk. DHS will provide workers affected by the intrusion with credit monitoring.

The risk to as many as 25,000 DHS workers was first reported on Friday by Reuters.

A cybersecurity expert, Rick Dakin, said the possibility that other federal departments could be affected depends on whether the DHS records were “segmented”, or walled off, from other federal agencies’ files inside USIS.

“The big question is what degree of segmentation was already in place so that other agencies weren’t equally compromised,” said Dakin, chief executive of Coalfire, a major IT audit and compliance firm.